Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Selenium cookie with another domain

I have a code on selenium to test a form. But first i go to another page and then redirect to the my page. When i set cookies to new domain , i got error :

Exception in thread "main" org.openqa.selenium.InvalidCookieDomainException: You may only set cookies for the current domain

My Code :

//it is going to example.com and example redirect me to the "example.com" all cookie domains is "example.com"
driver.get("http://www.example.com?id=1");

 Set<Cookie> cookies = driver.manage().getCookies();
 Iterator<Cookie> itr = cookies.iterator();

    while (itr.hasNext()){
    Cookie c = itr.next();
    System.out.println("Cookie Name: " + c.getName() + " --- " + "Cookie Domain: " + c.getDomain() + " --- " + "Cookie Value: " + c.getValue());

    driver.manage().addCookie(c);
    }

How can i manage that ? I have to get/set cookies for example.com

like image 447
Muhammet Arslan Avatar asked Mar 19 '14 13:03

Muhammet Arslan


2 Answers

Like mentioned in previous answer this is expected behavior.

The only work around to date is to driver.get("domain.com/404") page. But this doesn't always work due to SSO often protects domain.com/*

I have made a new feature request on the spec: https://github.com/w3c/webdriver/issues/1238

to make it so the 404 work-around can always work.

The webdriver spec https://w3c.github.io/webdriver/webdriver-spec.html#add-cookie forces the current browser session to be on the domain where you are adding the cookie to.

This makes tons of sense and I agree with it.

This unfortunately prevents 2 key use cases:

You want to re-use cookies from another webdriver session in a new session to avoid repeating the work it took to get the cookies. Such as having to repeat a login. Allow a webdriver pool to be shared amongst unrelated threads where each thread might have their own cookies. The only current work around is to attempt to force the webdriver to go to a 404 error page with something like: webdriver.get("http://the-cookie-domain.com/404adsfasdf"). This would cause the page to go to domain and would allow you to add cookies with addCookie. But this hardly ever works. Because the page is very often protected by SSO, any attempt to go to http://the-cookie-domain.com/* sends you to an SSO login page e.g. http://login.ssodomain.com and now you have the same problem.

We should add a new method to the spec webdriver.goTo404Page(domain) to allow this use-case. This method should simulate a 404 HTTP status code response from domain in the browser.

Alternatively maybe be a new overload to addCookie could allow this, for example: void addCookie(Cookie var1, String goTo404PageOfDomain);

By allowing users to go to a fake 404 page of any given domain, this guarantees the 404-page workaround works for any page and these 2 use cases are now possible.

For firefox, you can modify Marionette slightly to just remove this check.

diff --git a/testing/marionette/cookie.js b/testing/marionette/cookie.js
--- a/testing/marionette/cookie.js
+++ b/testing/marionette/cookie.js
@@ -144,14 +144,14 @@ cookie.add = function(newCookie, {restri
     newCookie.domain = "." + newCookie.domain;
   }

-  if (restrictToHost) {
-    if (!restrictToHost.endsWith(newCookie.domain) &&
-        ("." + restrictToHost) !== newCookie.domain &&
-        restrictToHost !== newCookie.domain) {
-      throw new InvalidCookieDomainError(`Cookies may only be set ` +
-          `for the current domain (${restrictToHost})`);
-    }
-  }
+//  if (restrictToHost) {
+//    if (!restrictToHost.endsWith(newCookie.domain) &&
+//        ("." + restrictToHost) !== newCookie.domain &&
+//       restrictToHost !== newCookie.domain) {
+//      throw new InvalidCookieDomainError(`Cookies may only be set ` +
+//          `for the current domain (${restrictToHost})`);
+//    }
+//  }

   // remove port from domain, if present.
   // unfortunately this catches IPv6 addresses by mistake
diff --git a/testing/marionette/driver.js b/testing/marionette/driver.js
--- a/testing/marionette/driver.js
+++ b/testing/marionette/driver.js
@@ -2638,9 +2638,9 @@ GeckoDriver.prototype.addCookie = functi
   let {protocol, hostname} = this.currentURL;

   const networkSchemes = ["ftp:", "http:", "https:"];
-  if (!networkSchemes.includes(protocol)) {
-    throw new InvalidCookieDomainError("Document is cookie-averse");
-  }
+//  if (!networkSchemes.includes(protocol)) {
+//    throw new InvalidCookieDomainError("Document is cookie-averse");
+//  }

   let newCookie = cookie.fromJSON(cmd.parameters.cookie);

diff --git a/testing/marionette/test_cookie.js b/testing/marionette/test_cookie.js
--- a/testing/marionette/test_cookie.js
+++ b/testing/marionette/test_cookie.js
@@ -190,10 +190,10 @@ add_test(function test_add() {
   });
   equal(2, cookie.manager.cookies.length);

-  Assert.throws(() => {
-    let biscuit = {name: "name3", value: "value3", domain: "domain3"};
-    cookie.add(biscuit, {restrictToHost: "other domain"});
-  }, /Cookies may only be set for the current domain/);
+//  Assert.throws(() => {
+//    let biscuit = {name: "name3", value: "value3", domain: "domain3"};
+//    cookie.add(biscuit, {restrictToHost: "other domain"});
+//  }, /Cookies may only be set for the current domain/);

   cookie.add({
     name: "name4",
like image 148
Nicholas DiPiazza Avatar answered Sep 29 '22 01:09

Nicholas DiPiazza


Why not let the browser be redirected to "example.com" before adding the cookies. Once on that domain, add the cookie values you've taken from "example.com" and the refresh the page?

As per the answer by the team on this issue on the project tracker,

The cookies methods only act on cookies that would be visible as this is the only thing that can be made to work consistently across all browsers. The behaviour that you see is the expected behaviour.

like image 42
anotherdave Avatar answered Sep 29 '22 02:09

anotherdave